You are viewing a plain text version of this content. The canonical link for it is here.
Posted to hdfs-dev@hadoop.apache.org by "narayana b (JIRA)" <ji...@apache.org> on 2013/08/19 06:58:50 UTC
[jira] [Created] (HDFS-5108) hadoop 1.2.1 spengo HTTP web console
access issue
narayana b created HDFS-5108:
--------------------------------
Summary: hadoop 1.2.1 spengo HTTP web console access issue
Key: HDFS-5108
URL: https://issues.apache.org/jira/browse/HDFS-5108
Project: Hadoop HDFS
Issue Type: Bug
Environment: CentOS 6.3 32 bit, jdk1.6_u45, kerberos5-1.10 server
I replaced latest jce libs from oracle to support sha1-96...
Reporter: narayana b
Hi Good Morning,
1) i created kerberos DB, realm and able to test properly
$ kinit
$ klist
2) i followed this link and configured appropriate
http://hadoop.apache.org/docs/stable/HttpAuthentication.html
added valid principals, key tab files generated using, signature created
core-site.xml
<!-- HTTP web-consoles Authentication -->
<property>
<name>hadoop.http.filter.initializers</name>
<value>org.apache.hadoop.security.AuthenticationFilterInitializer</value>
</property>
<property>
<name>hadoop.http.authentication.type</name>
<value>kerberos</value>
</property>
<property>
<name>hadoop.http.authentication.token.validity</name>
<value>36000</value>
</property>
<property>
<name>hadoop.http.authentication.signature.secret.file</name>
<value>/opt/software/hadoop-1.2.1/conf/security/http-secret-file</value>
</property>
<property>
<name>hadoop.http.authentication.cookie.domain</name>
<value></value>
</property>
<property>
<name>hadoop.http.authentication.simple.anonymous.allowed</name>
<value>false</value>
</property>
<property>
<name>hadoop.http.authentication.kerberos.principal</name>
<value>HTTP/localhost@NARAYANA.LOCAL</value>
</property>
<property>
<name>hadoop.http.authentication.kerberos.keytab</name>
<value>/opt/software/hadoop-1.2.1/conf/security/mergedKT.keytab</value>
</property>
</configuration>
3)I have tested kerberos spengo http to namenode, jobnode on single
cluster environment but failed to access web consoles
On browser : http://localhost:50070
Result: browser on browser401 error
4) curl -v -u hadoopA --negotiate http://localhost:50070 - works well
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira